From b750552c2d5752d852c2528d4d45411342378d61 Mon Sep 17 00:00:00 2001
From: Marco Szulik <marco.szulik@goodbabyint.com>
Date: Tue, 6 Aug 2024 14:14:30 +0200
Subject: [PATCH] add a warning for the newly configured
 Access-Control-Allow-Origin header

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 7c780d3..1281b22 100644
--- a/README.md
+++ b/README.md
@@ -249,6 +249,11 @@ To configure an AWS SQS queue, see the according keys in the `.env`.
 
 ### Local disk setup
 
+> [!WARNING]
+> For the docker setup, to be able to deliver videos, the `Access-Control-Allow-Origin` header is currently set to '*'. This means every website can embed your videos.
+> 
+> If you want to restrict this, you can mount your own configuration at `/opt/docker/etc/nginx/vhost.common.d/10-location-root.conf`. The current config can be found at `docker/location-root.conf`. 
+
 #### Prerequisites for video functionality
 
 - File storage accessible at `storage/app/videos`